CVE-2021-3918 – Prototype Pollution in kriszyp/json-schema

https://notcve.org/view.php?id=CVE-2021-3918

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') json-schema es vulnerable a la Modificación Indebida de Atributos de Prototipos de Objetos ('Contaminación de Prototipos') The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code. • https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9 https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html https://access.redhat.com/security/cve/CVE-2021-3918 https://bugzilla.redhat.com/show_bug.cgi?id=2024702 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •